In this talk, we will show how we developed kernel sanitizers that add code-coverage and memory-error detection support to the XNU kernel. We also developed about 530 detailed, grammar-based patterns for the XNU syscall API. We will then give a live demo of rooting the latest macOS (10.13.6) using three 0-days discovered by our fuzzer. Finally, we will show another powerful technique for obtaining code coverage statically, without source code.
By Dongyang Wu, Yuefeng Li & Juwei Lin
Full Abstract & Presentation Materials: https://www.blackhat.com/eu-18/briefings/schedule/index.html#drill-apple-core-up-and-down—fuzz-apple-core-component-in-kernel-and-user-mode-for-fun-and-profit-12923
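As an added illustration, not the speakers' tooling and not any of the ~530 XNU patterns mentioned above, the following shows what a small grammar-driven generator of syscall sequences looks like: each pattern declares its argument kinds and constraints, a file-descriptor argument must reference the result of an earlier open, and a length argument is coupled to its buffer so the generated calls are well-formed rather than trivially invalid. The three patterns (open/read/lseek) and the argument pools are constructed for this example.

```python
"""Grammar-driven syscall-sequence generator (illustration, not the talk's code)."""
import random
from dataclasses import dataclass
from typing import Optional

# Constructed grammar. Each argument is (name, kind, extra). Kinds:
#   "path"        string from a small pool including boundary cases
#   "flags"       OR of a subset of allowed bits (values as in XNU's fcntl.h)
#   "fd"          reference ("ref", i) to an earlier call that yields an fd
#   "buffer"      byte buffer of at most `extra` bytes (0 is a deliberate edge)
#   "len_of:NAME" length coupled to buffer argument NAME (never larger than it)
#   "int64"       signed 64-bit value with boundary cases
#   "enum"        one of a fixed set of integers
PATTERNS = {
    "open": {"args": [("path", "path", None), ("flags", "flags", [0x0, 0x1, 0x2, 0x200])],
             "yields": "fd"},
    "read": {"args": [("fd", "fd", None), ("buf", "buffer", 64), ("nbyte", "len_of:buf", None)],
             "yields": None},
    "lseek": {"args": [("fd", "fd", None), ("offset", "int64", None), ("whence", "enum", [0, 1, 2])],
              "yields": None},
}


@dataclass
class Call:
    name: str
    args: dict                 # argument name -> concrete value or ("ref", call index)
    result: Optional[str]      # resource kind this call yields ("fd") or None


def fd_producers(program):
    """Indices of earlier calls whose result can be used as an fd argument."""
    return [i for i, c in enumerate(program) if c.result == "fd"]


def gen_value(rng, kind, extra, args, program):
    if kind == "path":
        return rng.choice(["/dev/null", "/etc/hosts", "", "/" * 1024])
    if kind == "flags":
        return sum(bit for bit in extra if rng.random() < 0.5)
    if kind == "fd":
        return ("ref", rng.choice(fd_producers(program)))
    if kind == "buffer":
        size = rng.choice([0, 1, extra // 2, extra])
        return bytes(rng.randrange(256) for _ in range(size))
    if kind.startswith("len_of:"):
        buf = args[kind.split(":", 1)[1]]
        return rng.choice([0, len(buf), rng.randint(0, len(buf))])
    if kind == "int64":
        return rng.choice([0, 1, -1, 2**63 - 1, -2**63, rng.getrandbits(64) - 2**63])
    if kind == "enum":
        return rng.choice(extra)
    raise ValueError(kind)


def instantiate(rng, name, program):
    spec = PATTERNS[name]
    args = {}
    for aname, kind, extra in spec["args"]:      # in order, so len_of sees its buffer
        args[aname] = gen_value(rng, kind, extra, args, program)
    return Call(name, args, spec["yields"])


def generate_program(seed, length=6):
    """Generate `length` calls; an open is inserted whenever an fd is needed but none exists."""
    rng = random.Random(seed)
    program = []
    while len(program) < length:
        name = rng.choice(list(PATTERNS))
        needs_fd = any(kind == "fd" for _, kind, _ in PATTERNS[name]["args"])
        if needs_fd and not fd_producers(program):
            program.append(instantiate(rng, "open", program))
            continue
        program.append(instantiate(rng, name, program))
    return program


def check_program(program):
    """Independent validator for the grammar's constraints (used to test the generator)."""
    for i, call in enumerate(program):
        for aname, kind, extra in PATTERNS[call.name]["args"]:
            val = call.args[aname]
            if kind == "fd":
                if not (isinstance(val, tuple) and val[0] == "ref"):
                    return False
                if not (0 <= val[1] < i and program[val[1]].result == "fd"):
                    return False
            elif kind.startswith("len_of:"):
                if not 0 <= val <= len(call.args[kind.split(":", 1)[1]]):
                    return False
            elif kind == "enum" and val not in extra:
                return False
            elif kind == "flags" and val & ~sum(extra):
                return False
            elif kind == "buffer" and not (isinstance(val, bytes) and len(val) <= extra):
                return False
    return True


def render(program):
    """Pretty-print a program in a C-like form, e.g. r0 = open('/dev/null', 0x2)."""
    lines = []
    for i, call in enumerate(program):
        parts = []
        for aname, kind, _ in PATTERNS[call.name]["args"]:
            v = call.args[aname]
            if kind == "fd":
                parts.append(f"r{v[1]}")
            elif kind == "buffer":
                parts.append(f"buf{i}[{len(v)}]")
            elif kind == "flags":
                parts.append(hex(v))
            else:
                parts.append(repr(v))
        prefix = f"r{i} = " if call.result else ""
        lines.append(f"{prefix}{call.name}({', '.join(parts)})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(render(generate_program(seed=1, length=6)))
```

The design point is the resource dependency: an fd argument is never a random integer but a reference to a previous call's result, and `check_program` is an independent oracle for the same constraints, which is how a fuzzer author catches generator bugs before wasting kernel time on rejected calls.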